Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Security systems and methods to reduce data leaks in enterprise networks

a technology of security systems and networks, applied in the field of network security, can solve problems such as data leakage, difficult or impossible approaches, and inability to modify source code for such applications, and achieve the effect of less overhead and easier to escap

Inactive Publication Date: 2014-11-18
GEORGIA TECH RES CORP
View PDF14 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The system effectively reduces data leaks by strictly controlling information flows, allowing unmodified legacy applications to be secured, and integrating with existing user directories, providing comprehensive protection and minimizing user intervention while preventing data leaks from both internal and external threats.

Problems solved by technology

This approach proves difficult or impossible in most organizations where applications are proprietary and run on commodity operating systems, and modifying source code for such applications is not possible.
In contrast, lowering secrecy or integrity, such as by unsetting a characteristic from a taint 210, can potentially cause data leaks, and may thus require explicit user action.
Specifically, where the labels 200 are tracked at the granularity of memory pages, and not at the granularity of a process that consists of several memory pages, system calls are not sufficient to track all flow of information between memory pages.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security systems and methods to reduce data leaks in enterprise networks
  • Security systems and methods to reduce data leaks in enterprise networks
  • Security systems and methods to reduce data leaks in enterprise networks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019]To facilitate an understanding of the principles and features of the invention, various illustrative embodiments are explained below. In particular, the invention is described in the context of being a security system for reducing data leaks in an enterprise networks. Embodiments of the invention, however, need not be limited to protecting an organization against data leaks. Rather, various embodiments of the invention can be used to manage data permissions within an organizational network, to enable comprehensive tracking and auditing of sensitive data access and use, to protect sensitive data accessed from outside an enterprise network through a potentially untrusted web-based application, and can be used in networks other than enterprise networks.

[0020]The components described hereinafter as making up various elements of the invention are intended to be illustrative and not restrictive. Many suitable components that can perform the same or similar functions as components de...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Disclosed are embodiments of a security system for reducing data leaks by checking information flows between resources of a network. When an information flow is attempted between a sending resource, which can be anywhere in the network, and a receiving resource residing at a specific host within the network, a host labeler can determine whether information is allowed to flow from the sending resource to the receiving resource. The sending resource and the receiving resource can each have an applicable label, and each label can comprise zero, one, or more taints. For each taint having an active secrecy characteristic in a label of the sending resource, the host labeler can require that there be a matching taint with active secrecy characteristic in the receiving resource. If this condition is not met, the security system can block the information flow between the sending and receiving resources.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application claims priority to and the benefit under 35 U.S.C. §119(e) of U.S. Provisional Patent Application No. 61 / 384,475, filed 20 Sep. 2010, which is incorporated herein by reference in its entirety as if fully set forth below.GOVERNMENT LICENSE RIGHTS[0002]This invention was made with Government support under Agreement No. CNS-0916732, awarded by the National Science Foundation. The Government has certain rights in this invention.TECHNICAL FIELD[0003]Various embodiments of the present invention relate to network security and, particularly, to security systems and methods that reduce or prevent data leaks in enterprise networks.BACKGROUND[0004]Organizations must control where private information spreads and to whom it is accessible; this problem is referred to in the security industry as data loss / leak prevention (DLP). Commercial solutions for DLP are based on scanning content, where the content of traffic flowing outside an or...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(United States)
IPC IPC(8): H04L29/06
CPCG06F21/6218H04L63/105
Inventor RAMACHANDRAN, ANIRUDH V.MUNDADA, YOGESH H.BIN TARIQ, MUHAMMAD MUKARRAMFEAMSTER, NICHOLAS G.
Owner GEORGIA TECH RES CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com